POGO Letter to Coast Guard Commandant Thad Allen making the case that the Coast Guard should ask for more a larger refund from contractors working on the Deepwater program.

On December 28, 2006, the Coast Guard asked for $96.1 million in repayment from Lockheed Martin and Northrop Grumman for delivering patrol boats that failed to meet the contractual requirements of its $24 billion, 25-year-long Deepwater modernization program.[1] Although this may represent a step toward achieving some contractor accountability and recovering taxpayer dollars, much more could be done if the Coast Guard asked for the full amount of damages. For example, refunds have not been sought on the patrol boats’ failed classified communications systems. The Coast Guard’s request will likely set the baseline for a settlement between the contractors and the government, and the current request does not fully represent the misconduct of the contractors. The Coast Guard should do its best to achieve maximum accountability to look out for the taxpayer’s interest, and to ensure that its Deepwater program gets on track. As you know, congressional and public scrutiny of this program remains high, especially since the first National Security Cutter (NSC), the Bertholf, is undergoing sea trials in the coming months.

Recently, it came to light that the Bertholf had issues similar to some deficiencies that plagued the patrol boats.[2] The NSCs, however, are a much more expensive acquisition, and the Bertholf itself is the Coast Guard’s largest and costliest ship at an estimated $641 million, “virtually double [its] original $322 million price tag."[3]

To fully appreciate the scope of the problems, one has to understand the lengths to which conscientious insiders had to go to achieve the limited accountability that has occurred. Two recent stories [redacted] point to the degree of the contractors’ misconduct, and show that the problems which have led to scrapped ships and an extraordinary waste of taxpayer dollars were actually avoidable. Furthermore, [redacted] their stories point to ways the Coast Guard, other federal agencies, and contractors can avoid these problems in the future: listen to the people on the ground although what they are saying might not be official, might not be what you want to hear, and might not be packaged by slick public affairs professionals.

It may seem obvious to do this, but our organization has seen insiders and whistleblowers with legitimate information ignored time and time again, usually to the detriment of the agency or even of the American public as a whole. Too often, those who are supposed to fix problems and ensure accountability actually work against the few who try to do the right thing, and end up hurting the system rather than helping it. When problems are uncovered, you need to hold accountable those responsible, and to fix the problems. In addition, you need to maintain vigilant oversight to prevent future problems.

DeKort’s and [redacted] Stories

Michael DeKort, Lockheed Martin’s lead engineer at an early stage of the Deepwater program, initially tried to work within his company to resolve his concerns in 2003. All four of his concerns were issues with the Deepwater 123-foot patrol boat modernization:

Inadequate environmental protection for topside electronic equipment to protect it from failing in inclement weather or extreme temperatures. This equipment is part of the ships’ critical communication and navigation systems.

The lack of low-smoke cabling on the ships. This cabling prevents the release of toxic smoke in the event of a fire, and prohibits quick spread of the fires between compartments, thus protecting the Coast Guard crews’ health and safety.

Failure to meet the government-wide communications protection standards, known by the acronym TEMPEST[4]: there was a lack of shielding for electronic communication equipment handling secret communications such as the classified government network SIPRNET. Every ship in the fleet would compromise national security by leaking classified information, which could be easily intercepted by those even moderately adept at eavesdropping. Not only would this compromise the Coast Guard, but also every other government organization communicating with the ships, including such agencies as the NSA, CIA, FBI, DEA.

Insufficient security-camera coverage for ship defense, which means the ships could be boarded by intruders where there were known blindspots.

DeKort’s concerns were largely ignored at first. “You’re doing the right thing,” DeKort remembers his manager telling him when he asked for support in pursuing the Deepwater problems, “but it’s going to come back to bite you.” His manager was right: After DeKort persisted in raising his concerns, Lockheed Martin gave DeKort a performance evaluation significantly lower than his previous ones, according to Corporate Counsel magazine, which featured him on its January 2007 issue front cover.[5]

DeKort then changed jobs at Lockheed, becoming a software engineering manager at the North American Aerospace Defense Command (NORAD). He continued to pursue the Deepwater issues at Lockheed, however, and DeKort believes he was further retaliated against when “his NORAD job was eliminated in a reduction in force, and he received another low appraisal, which he says made it impossible to move to another division,” the Corporate Counsel article also states.[6] His last day at Lockheed was August 11, 2006.

DeKort then went to the Department of Homeland Security Inspector General (DHS IG) with his concerns.

When his concerns were ignored by managers up the line, he did what his company’s much-praised ethics program had trained him to do: He filed an internal complaint in 2004. He spent two years pursuing three separate internal investigations—all in an effort to persuade Lockheed ethics officers to push the company to fix the problems. But the officers kept saying his allegations were baseless.

In February 2006 DeKort phoned the hotline of the U.S. Department of Homeland Security’s inspector general. Within a week the IG dispatched three auditors to meet with him. (The IG’s office confirms that DeKort’s complaint prompted it to open an investigation.) But six months later, the IG’s office had yet to release a report, and DeKort feared that the probe was going nowhere. Finally he contacted the press and elected officials—to no avail. It seemed the end of the line.

Although his August 2006 YouTube video[8] began with the words, “What I am going to tell you is going to seem preposterous and unbelievable,” many took him seriously—and a flurry of press coverage followed. Finally, in February 2007, the DHS IG substantiated the first two of his four concerns, [9] and later privately admitted to him that they should have substantiated the other two points as well, DeKort told POGO.

The last two of his concerns, the TEMPEST and security camera disclosures, have since been substantiated by congressional investigators. Also, two Coast Guard documents confirm his suspicion that problems on the 123-foot patrol boats (in particular those with TEMPEST) carried over to the NSCs because of Deepwater commonality requirements across its various systems. A Coast Guard “NSC Risks Brief” dated August 30, 2007, puts TEMPEST as a high-risk, high-consequence issue for the NSC.[10] And a Coast Guard ‘sitrep’ (on TEMPEST) dated September 5, 2007, reported over 350 design “discrepancies” on the NSC that were, at that time, still unresolved.[11]

[redacted]

Soon after, The New York Times published an article exposing these and many other problems with the Deepwater program. The article, published on December 9, 2006, quoted D’Armiento as saying “This is the fleecing of America . [The Deepwater program] is the worst contract arrangement I’ve seen in my 20 plus years in naval engineering."[12]

In an interview with the Mississippi Press newspaper, Rear Admiral Gary T. Blore, the Coast Guard’s assistant commandant for acquisition, stated that there were communication and computer issues with the 123-foot patrol boats.[16] This was the first time the Coast Guard publicly acknowledged problems other than structural integrity issues with the hulls of the 123-foot patrol boats. This represents vindication for DeKort, although it comes years after his first attempts to solve the problems. Despite this, the Coast Guard has not yet sought a refund for problems with TEMPEST on its 123-foot patrol boats.

The Coast Guard waived the failures in its 123-foot patrol boat secure communications systems. Yet the issuance of that waiver and others is a tremendous part of the problem.

According to a House transportation committee hearing, the Coast Guard lost their Certified TEMPEST Technical Authority (CTTA):

due to a death prior to the [123-foot patrol boat prototype] Matagorda being commissioned or inspected. This person's second in command was then appointed an acting CTTA. [However,] he was not formally recognized by the National Security Agency as the cognizant authority. …

As a result, he was not recognized by the NSA as being competent to perform these inspections nor competent to make the instrumented inspections.

The Coast Guard turned to the Navy. The Navy sent their CTTA to the shipyards. He performed the instrumented inspection, which had three failure points.

The report then went back to the Coast Guard, the acting CTTA, and they started issuing waivers. Things were found bad. Instead of fixing it, they threw a waiver on top of it.[17]

This Coast Guard employee put the government at risk by waiving the TEMPEST failures on the Matagorda despite not having the official government warrant to do so, and thus could not officially represent the government. Furthermore he did this after an authorized Navy official had discovered serious issues with TEMPEST.

The likelihood that the Coast Guard will be reimbursed for the TEMPEST issue is murky at best, according to a congressional source, but the chances are zero if a request is not made. And although details are classified, POGO has been told that attempts are being made to resolve the TEMPEST technical issues. But regardless of the current situation with TEMPEST, those problems should not have existed years after DeKort raised his initial concerns that TEMPEST requirements were being ignored. The contractors, namely Lockheed in this case, were paid to design and install communications systems that could protect classified communications, and to oversee their own work. And for years, the contractors shirked their responsibilities on the taxpayer’s dime.

In addition, the (the insecure) communications systems were used and possibly compromised. For instance, a Coast Guard press release states the ship Matagorda used the classified data system SIPRNET while on a mission near Cuba , despite the fact that the Matagorda had failed an instrumented test for communication leakage. James Atkinson, president and senior engineer of Granite Island Group and one of the world’s foremost experts on TEMPEST, testified before Congress that it is plausible the Cuban government could have intercepted unprotected communications, and by comparing them with scrambled communications, could have made some headway in figuring out American cryptographic methods and codes, what Atkinson calls “the keys to the kingdom."[18] Of DeKort’s two issues that had been officially substantiated by the DHS IG, only one—deficiencies in the external topside equipment—underlies part of the Coast Guard’s request for repayment. It appears that the Coast Guard is not fully pressing Lockheed for the full extent of the defective equipment it provided.

Last summer, the Coast Guard wrote to the contractors and included “a list of 9 ‘class wide issues’ including a separate list of allegedly ‘nonconforming topside equipment,’” according to ICGS, a Northrop and Lockheed partnership. Five of the nine were considered Lockheed's responsibility—that is, non-structural, electronics-related issues. Later, however, the Coast Guard pared this down to only one issue, worth approximately $3 million, Lockheed told Reuters.[19]

Loren Thompson, a defense analyst at the Lexington Institute who consults for Lockheed but not on Deepwater, suggested a possible Lockheed defense. He told the Associated Press, “I’d bet the Coast Guard gets very little back because they probably defined and (managed) the contract too loosely to be entitled to recovery.”

However, the argument that the Coast Guard’s requirements were too weak may be misleading. Lockheed and Northrop, as “lead system integrators,” were paid well with taxpayer dollars for the responsibility to develop and hold to the requirements, and then shirked their responsibility to do so.

For example, electronic equipment that is to be used in harsh weather obviously needs to be adequately protected from the elements so that it can operate, not just effectively, but at all. Further, TEMPEST is a clear, stringent set of requirements to protect communications systems and classified information, and failure to meet TEMPEST is unacceptable. In addition, cameras designed to detect intruders boarding a ship should not have serious, predictable blind spots in their coverage.

Regardless of any lapses by the Coast Guard, the contractor-led lead system integrator management structure—which has since been found problematic and is being reigned in—makes Lockheed responsible for the decisions it made. In sum, Lockheed is less able to blame the Coast Guard than in a situation where the Coast Guard had retained management responsibilities in-house. Lockheed was paid to be a steward of the taxpayer’s money, and that stewardship included oversight of their own work.

Despite this, the Coast Guard has not sought full accountability on the two issues substantiated by the DHS IG, or the two other disclosures that congressional investigators and others have determined to be well-founded.

POGO believes that the Coast Guard should strongly consider publicly itemizing the other deficient Deepwater deliveries on the part of ICGS, quantifying the value of the losses, and making a reasonable request for reimbursement.

Were his disclosures not made, DeKort maintains that every ship after the first eight built—including the much larger NSCs—would have had those same problems “due to contractual electronic system commonality requirements.” Indeed, his concerns about the NSCs have been confirmed by disclosures that show TEMPEST and other problems with the first NSC, the Bertholf.

“Keep in mind that Lockheed was aware of each and every one of these issues in 2003. They delivered eight 123s with the problems and, if the hulls had not cracked, all of the other 49 123s they would have delivered would be in the same horrendous shape,” he told POGO. “We need to make sure these problems are truly solved on the NSCs and other Deepwater systems.”

More fundamentally, DHS needs to ensure that concerns from its most patriotic employees and contract employees are heeded by DHS and by the senior management of its contractors. These employees often do not intend to become whistleblowers, but due to a bureaucratic culture that seeks to crush those who expose problems, are often forced to. These individuals, who seek to fulfill their duty to the public, should be protected and listened to regardless of the status of whistleblower laws, which are often riddled with loopholes or just not enforced.

If you have any questions, please do not hesitate to call me or POGO’s national security investigator Nick Schwellenbach at (202) 347-1122.

3 Christopher P. Cavas, “USCG, Contractors Agree on New Cutters,” Defense News, August 13, 2007. One knowledgeable source told POGO that this increase in price may not reflect correcting the discrepancies associated with the communication systems which came to light in the “NSC Risks Brief” dated August 30, 2007, and in a Coast Guard “sitrep” dated September 5, 2007—both of which were written after the Defense News article. It also should be noted that “Rumors are the first NSC will be rejected by Coast Guard inspectors,” according to one very recent media account: David Axe, “Bad Coastie Cutter for Navy?,” Wired Magazine Online – Danger Room blog, January 29, 2007. Available at: http://blog.wired.com/defense/2008/01/coastie-cutter.html (Accessed January 30, 2008.) POGO was unable to confirm the substance of the rumor with either the Coast Guard or Integrated Coast Guard Systems, a Lockheed/Northrop partnership. Both stated that the rumor was “totally unfounded.”

4 TEMPEST stands for Telecommunications Electronics Material Protected from Emanating Spurious Transmissions. A layman’s definition might be protection from signals that leak from cables and other electronic equipment.